Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_xp:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-0011 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." Published: February 14, 2012; 5:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0010 |
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." Published: February 14, 2012; 5:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0004 |
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." Published: January 10, 2012; 4:55:03 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3408 |
Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-3406 |
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2011-3404 |
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3401 |
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3400 |
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3397 |
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1992 |
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2014 |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability." Published: November 08, 2011; 4:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2011-2011 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability." Published: October 11, 2011; 10:52:44 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-2005 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-2003 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-2001 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-2000 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1999 |
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1997 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1996 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1995 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |