Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_xp:-:sp3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-4250 |
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." Published: October 23, 2008; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-4609 |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Published: October 20, 2008; 1:59:26 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-3475 |
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." Published: October 14, 2008; 8:12:15 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2008-3473 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." Published: October 14, 2008; 8:12:15 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-2252 |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." Published: October 14, 2008; 8:12:15 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-1446 |
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." Published: October 14, 2008; 8:12:15 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2008-4327 |
gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237. Published: September 30, 2008; 12:13:54 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1447 |
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." Published: July 08, 2008; 7:41:00 PM -0400 |
V3.1: 6.8 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2008-1441 |
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." Published: June 11, 2008; 10:32:00 PM -0400 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2007-2223 |
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Published: August 14, 2007; 5:17:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |