Windows
by Microsoft
CVEs (2,526)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1453 | 0.00 | — | 0.02 | Jun 12, 2008 | The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | |||
| CVE-2007-5352 | 0.00 | — | 0.03 | Jan 8, 2008 | Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. | |||
| CVE-2007-5350 | 0.00 | — | 0.04 | Dec 12, 2007 | Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | |||
| CVE-2007-3036 | 0.00 | — | 0.02 | Sep 12, 2007 | Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | |||
| CVE-2007-2229 | 0.00 | — | 0.02 | Jun 12, 2007 | Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store… | |||
| CVE-2007-1206 | 0.00 | — | 0.03 | Apr 10, 2007 | The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain… | |||
| CVE-2007-1209 | 0.00 | — | 0.03 | Apr 10, 2007 | Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort… | |||
| CVE-2007-1537 | 0.00 | — | 0.01 | Mar 20, 2007 | \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | |||
| CVE-2007-0211 | 0.00 | — | 0.03 | Feb 13, 2007 | The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | |||
| CVE-2006-6753 | 0.00 | — | 0.02 | Dec 27, 2006 | Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not… | |||
| CVE-2005-2388 | 0.00 | — | 0.02 | Jul 27, 2005 | Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code. | |||
| CVE-2005-0060 | 0.00 | — | 0.02 | May 2, 2005 | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. | |||
| CVE-2005-0550 | 0.00 | — | 0.02 | May 2, 2005 | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | |||
| CVE-2004-0208 | 0.00 | — | 0.02 | Nov 3, 2004 | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly… | |||
| CVE-2004-0207 | 0.00 | — | 0.02 | Nov 3, 2004 | "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of… | |||
| CVE-2002-2401 | 0.00 | — | 0.02 | Dec 31, 2002 | NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||
| CVE-2002-1692 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | |||
| CVE-2002-2028 | 0.00 | — | 0.02 | Dec 31, 2002 | The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing. | |||
| CVE-2002-0151 | 0.00 | — | 0.04 | Apr 4, 2002 | Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | |||
| CVE-1999-0590 | 0.00 | — | 0.06 | Jun 1, 2000 | A system does not present an appropriate legal message or warning to a user who is accessing it. |
- CVE-2008-1453Jun 12, 2008risk 0.00cvss —epss 0.02
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
- CVE-2007-5352Jan 8, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
- CVE-2007-5350Dec 12, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
- CVE-2007-3036Sep 12, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
- CVE-2007-2229Jun 12, 2007risk 0.00cvss —epss 0.02
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store…
- CVE-2007-1206Apr 10, 2007risk 0.00cvss —epss 0.03
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain…
- CVE-2007-1209Apr 10, 2007risk 0.00cvss —epss 0.03
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort…
- CVE-2007-1537Mar 20, 2007risk 0.00cvss —epss 0.01
\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
- CVE-2007-0211Feb 13, 2007risk 0.00cvss —epss 0.03
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
- CVE-2006-6753Dec 27, 2006risk 0.00cvss —epss 0.02
Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not…
- CVE-2005-2388Jul 27, 2005risk 0.00cvss —epss 0.02
Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
- CVE-2005-0060May 2, 2005risk 0.00cvss —epss 0.02
Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
- CVE-2005-0550May 2, 2005risk 0.00cvss —epss 0.02
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
- CVE-2004-0208Nov 3, 2004risk 0.00cvss —epss 0.02
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly…
- CVE-2004-0207Nov 3, 2004risk 0.00cvss —epss 0.02
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of…
- CVE-2002-2401Dec 31, 2002risk 0.00cvss —epss 0.02
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
- CVE-2002-1692Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
- CVE-2002-2028Dec 31, 2002risk 0.00cvss —epss 0.02
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
- CVE-2002-0151Apr 4, 2002risk 0.00cvss —epss 0.04
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
- CVE-1999-0590Jun 1, 2000risk 0.00cvss —epss 0.06
A system does not present an appropriate legal message or warning to a user who is accessing it.
Page 126 of 127