VYPR

Windows

by Microsoft

CVEs (2,526)

  • CVE-2008-1453Jun 12, 2008
    risk 0.00cvss epss 0.02

    The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.

  • CVE-2007-5352Jan 8, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

  • CVE-2007-5350Dec 12, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."

  • CVE-2007-3036Sep 12, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."

  • CVE-2007-2229Jun 12, 2007
    risk 0.00cvss epss 0.02

    Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store…

  • CVE-2007-1206Apr 10, 2007
    risk 0.00cvss epss 0.03

    The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain…

  • CVE-2007-1209Apr 10, 2007
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort…

  • CVE-2007-1537Mar 20, 2007
    risk 0.00cvss epss 0.01

    \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.

  • CVE-2007-0211Feb 13, 2007
    risk 0.00cvss epss 0.03

    The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

  • CVE-2006-6753Dec 27, 2006
    risk 0.00cvss epss 0.02

    Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not…

  • CVE-2005-2388Jul 27, 2005
    risk 0.00cvss epss 0.02

    Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.

  • CVE-2005-0060May 2, 2005
    risk 0.00cvss epss 0.02

    Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.

  • CVE-2005-0550May 2, 2005
    risk 0.00cvss epss 0.02

    Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".

  • CVE-2004-0208Nov 3, 2004
    risk 0.00cvss epss 0.02

    The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly…

  • CVE-2004-0207Nov 3, 2004
    risk 0.00cvss epss 0.02

    "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of…

  • CVE-2002-2401Dec 31, 2002
    risk 0.00cvss epss 0.02

    NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.

  • CVE-2002-1692Dec 31, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.

  • CVE-2002-2028Dec 31, 2002
    risk 0.00cvss epss 0.02

    The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

  • CVE-2002-0151Apr 4, 2002
    risk 0.00cvss epss 0.04

    Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

  • CVE-1999-0590Jun 1, 2000
    risk 0.00cvss epss 0.06

    A system does not present an appropriate legal message or warning to a user who is accessing it.

Page 126 of 127