Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_xp:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3940 |
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3939 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3348 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3346 |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3345 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3343 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3342 |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3340 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3962 |
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. Published: November 05, 2010; 1:00:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-4182 |
Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: November 04, 2010; 3:00:03 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3227 |
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability." Published: October 26, 2010; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3331 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3330 |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3329 |
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3328 |
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2010-3327 |
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3326 |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3325 |
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3243 |
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3228 |
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |