Windows Vista

CVEs (14)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2007-1531	Microsoft Windows	0.05	—	0.23	Mar 20, 2007	Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
CVE-2007-3038	Microsoft Windows	0.03	—	0.35	Jul 10, 2007	The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking…
CVE-2007-3671	Microsoft Windows	0.01	—	0.07	Jul 10, 2007	Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
CVE-2007-1763	Microsoft Windows	0.01	—	0.18	Mar 30, 2007	The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
CVE-2007-1535	Microsoft Windows	0.01	—	0.12	Mar 20, 2007	Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
CVE-2007-1527	Microsoft Windows	0.01	—	0.11	Mar 20, 2007	The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a…
CVE-2007-1533	Microsoft Windows	0.01	—	0.11	Mar 20, 2007	The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
CVE-2007-1530	Microsoft Windows	0.01	—	0.15	Mar 20, 2007	The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
CVE-2007-1529	Microsoft Windows	0.01	—	0.10	Mar 20, 2007	The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
CVE-2007-1528	Microsoft Windows	0.01	—	0.11	Mar 20, 2007	The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO…
CVE-2007-1532	Microsoft Windows	0.01	—	0.11	Mar 20, 2007	The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
CVE-2007-0675	Microsoft Windows	0.01	—	0.17	Feb 3, 2007	A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page…
CVE-2007-2229	Microsoft Windows	0.00	—	0.02	Jun 12, 2007	Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store…
CVE-2007-1209	Microsoft Windows	0.00	—	0.03	Apr 10, 2007	Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort…

CVE-2007-1531Mar 20, 2007
Microsoft
Windows
risk 0.05cvss —epss 0.23
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
CVE-2007-3038Jul 10, 2007
Microsoft
Windows
risk 0.03cvss —epss 0.35
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking…
CVE-2007-3671Jul 10, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.07
Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
CVE-2007-1763Mar 30, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.18
The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
CVE-2007-1535Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.12
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
CVE-2007-1527Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.11
The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a…
CVE-2007-1533Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.11
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
CVE-2007-1530Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.15
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
CVE-2007-1529Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.10
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
CVE-2007-1528Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.11
The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO…
CVE-2007-1532Mar 20, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.11
The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
CVE-2007-0675Feb 3, 2007
Microsoft
Windows
risk 0.01cvss —epss 0.17
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page…
CVE-2007-2229Jun 12, 2007
Microsoft
Windows
risk 0.00cvss —epss 0.02
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store…
CVE-2007-1209Apr 10, 2007
Microsoft
Windows
risk 0.00cvss —epss 0.03
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort…