Windows XP SP3
by Microsoft
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4971 | 0.05 | — | 0.23 | Jul 26, 2014 | Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ… | |||
| CVE-2012-2526 | 0.05 | — | 0.58 | Aug 15, 2012 | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol… | |||
| CVE-2012-1853 | 0.05 | — | 0.64 | Aug 15, 2012 | Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack… | |||
| CVE-2011-0045 | 0.03 | — | 0.01 | Feb 9, 2011 | The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted… | |||
| CVE-2010-2743 | 0.03 | — | 0.05 | Jan 20, 2011 | The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by… | |||
| CVE-2008-3648 | 0.03 | — | 0.41 | Aug 12, 2008 | nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | |||
| CVE-2012-1868 | 0.00 | — | 0.01 | Jun 12, 2012 | Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability." | |||
| CVE-2011-0673 | 0.00 | — | 0.00 | Apr 13, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability." | |||
| CVE-2010-0235 | 0.00 | — | 0.01 | Apr 14, 2010 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel… | |||
| CVE-2007-0210 | 0.00 | — | 0.02 | Feb 13, 2007 | The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. |
- CVE-2014-4971Jul 26, 2014risk 0.05cvss —epss 0.23
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ…
- CVE-2012-2526Aug 15, 2012risk 0.05cvss —epss 0.58
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol…
- CVE-2012-1853Aug 15, 2012risk 0.05cvss —epss 0.64
Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack…
- CVE-2011-0045Feb 9, 2011risk 0.03cvss —epss 0.01
The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted…
- CVE-2010-2743Jan 20, 2011risk 0.03cvss —epss 0.05
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by…
- CVE-2008-3648Aug 12, 2008risk 0.03cvss —epss 0.41
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
- CVE-2012-1868Jun 12, 2012risk 0.00cvss —epss 0.01
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
- CVE-2011-0673Apr 13, 2011risk 0.00cvss —epss 0.00
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
- CVE-2010-0235Apr 14, 2010risk 0.00cvss —epss 0.01
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel…
- CVE-2007-0210Feb 13, 2007risk 0.00cvss —epss 0.02
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.