Windows Xp
by Microsoft
CVEs (744)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0020 | 0.02 | — | 0.18 | Jan 10, 2006 | An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file… | |||
| CVE-2005-1212 | 0.02 | — | 0.25 | Jun 14, 2005 | Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. | |||
| CVE-2005-1935 | 0.02 | — | 0.27 | Jun 13, 2005 | Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously… | |||
| CVE-2004-0571 | 0.02 | — | 0.31 | Jan 10, 2005 | Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability… | |||
| CVE-2004-1049 | 0.02 | — | 0.30 | Dec 31, 2004 | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling… | |||
| CVE-2004-1361 | 0.02 | — | 0.20 | Dec 23, 2004 | Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow. | |||
| CVE-2004-1319 | 0.02 | — | 0.26 | Dec 15, 2004 | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using… | |||
| CVE-2004-0840 | 0.02 | — | 0.30 | Nov 3, 2004 | The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a… | |||
| CVE-2004-0202 | 0.02 | — | 0.26 | Aug 6, 2004 | IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||
| CVE-2004-0199 | 0.02 | — | 0.26 | Jun 14, 2004 | Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). | |||
| CVE-2004-0117 | 0.02 | — | 0.26 | Jun 1, 2004 | Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. | |||
| CVE-2004-0123 | 0.02 | — | 0.30 | Jun 1, 2004 | Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||
| CVE-2003-0909 | 0.02 | — | 0.21 | Jun 1, 2004 | Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability." | |||
| CVE-2003-0906 | 0.02 | — | 0.25 | Jun 1, 2004 | Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. | |||
| CVE-2003-0907 | 0.02 | — | 0.22 | Jun 1, 2004 | Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. | |||
| CVE-2004-0124 | 0.02 | — | 0.21 | Jun 1, 2004 | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | |||
| CVE-2003-0660 | 0.02 | — | 0.23 | Nov 17, 2003 | The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. | |||
| CVE-2003-0661 | 0.02 | — | 0.22 | Oct 20, 2003 | The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. | |||
| CVE-2003-0010 | 0.02 | — | 0.24 | Mar 24, 2003 | Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that… | |||
| CVE-2002-1327 | 0.02 | — | 0.23 | Dec 26, 2002 | Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise." |
- CVE-2006-0020Jan 10, 2006risk 0.02cvss —epss 0.18
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file…
- CVE-2005-1212Jun 14, 2005risk 0.02cvss —epss 0.25
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
- CVE-2005-1935Jun 13, 2005risk 0.02cvss —epss 0.27
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously…
- CVE-2004-0571Jan 10, 2005risk 0.02cvss —epss 0.31
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability…
- CVE-2004-1049Dec 31, 2004risk 0.02cvss —epss 0.30
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling…
- CVE-2004-1361Dec 23, 2004risk 0.02cvss —epss 0.20
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
- CVE-2004-1319Dec 15, 2004risk 0.02cvss —epss 0.26
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using…
- CVE-2004-0840Nov 3, 2004risk 0.02cvss —epss 0.30
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a…
- CVE-2004-0202Aug 6, 2004risk 0.02cvss —epss 0.26
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
- CVE-2004-0199Jun 14, 2004risk 0.02cvss —epss 0.26
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
- CVE-2004-0117Jun 1, 2004risk 0.02cvss —epss 0.26
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
- CVE-2004-0123Jun 1, 2004risk 0.02cvss —epss 0.30
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2003-0909Jun 1, 2004risk 0.02cvss —epss 0.21
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
- CVE-2003-0906Jun 1, 2004risk 0.02cvss —epss 0.25
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
- CVE-2003-0907Jun 1, 2004risk 0.02cvss —epss 0.22
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
- CVE-2004-0124Jun 1, 2004risk 0.02cvss —epss 0.21
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
- CVE-2003-0660Nov 17, 2003risk 0.02cvss —epss 0.23
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
- CVE-2003-0661Oct 20, 2003risk 0.02cvss —epss 0.22
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
- CVE-2003-0010Mar 24, 2003risk 0.02cvss —epss 0.24
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that…
- CVE-2002-1327Dec 26, 2002risk 0.02cvss —epss 0.23
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
Page 23 of 38