VYPR

Windows Xp

by Microsoft

CVEs (744)

  • CVE-2005-0061May 2, 2005
    risk 0.00cvss epss 0.02

    The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

  • CVE-2004-0893Jan 10, 2005
    risk 0.00cvss epss 0.02

    The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel…

  • CVE-2004-0979Dec 31, 2004
    risk 0.00cvss epss 0.04

    Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.

  • CVE-2004-2365Dec 31, 2004
    risk 0.00cvss epss 0.02

    Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.

  • CVE-2004-2527Dec 31, 2004
    risk 0.00cvss epss 0.02

    The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to…

  • CVE-2004-0208Nov 3, 2004
    risk 0.00cvss epss 0.02

    The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly…

  • CVE-2004-0207Nov 3, 2004
    risk 0.00cvss epss 0.02

    "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of…

  • CVE-2002-0034Feb 3, 2004
    risk 0.00cvss epss 0.02

    The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.

  • CVE-2003-0897Nov 17, 2003
    risk 0.00cvss epss 0.02

    "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.

  • CVE-2003-0112May 12, 2003
    risk 0.00cvss epss 0.02

    Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.

  • CVE-2002-2324Dec 31, 2002
    risk 0.00cvss epss 0.02

    The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify…

  • CVE-2002-1670Dec 31, 2002
    risk 0.00cvss epss 0.01

    Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.

  • CVE-2002-2185Dec 31, 2002
    risk 0.00cvss epss 0.02

    The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively…

  • CVE-2002-2401Dec 31, 2002
    risk 0.00cvss epss 0.02

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.

  • CVE-2002-2283Dec 31, 2002
    risk 0.00cvss epss 0.02

    Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.

  • CVE-2002-2028Dec 31, 2002
    risk 0.00cvss epss 0.02

    The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

  • CVE-2002-2132Dec 31, 2002
    risk 0.00cvss epss 0.02

    Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

  • CVE-2002-1256Dec 23, 2002
    risk 0.00cvss epss 0.05

    The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection,…

  • CVE-2002-1139Oct 11, 2002
    risk 0.00cvss epss 0.04

    The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka…

  • CVE-2002-0366Jul 3, 2002
    risk 0.00cvss epss 0.03

    Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

Page 37 of 38