Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:microsoft:windows_xp:-
There are 1,332 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2010-5153

** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Published: August 25, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-5152

** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Published: August 25, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-5151

** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Published: August 25, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-5150

** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Published: August 25, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2012-4337

Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.

Published: August 23, 2012; 11:55:00 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2527

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-2526

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1853

Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-1852

Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-1851

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-1850

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."

Published: August 14, 2012; 9:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-1893

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."

Published: July 10, 2012; 5:55:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-1891

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."

Published: July 10, 2012; 5:55:06 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1890

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."

Published: July 10, 2012; 5:55:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-1870

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."

Published: July 10, 2012; 5:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0175

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."

Published: July 10, 2012; 5:55:05 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1889

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: June 13, 2012; 12:46:46 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1882

Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1881

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1880

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."

Published: June 12, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH