U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:*:*
  • CPE Name Search: true
There are 703 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-7485

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-7484

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-7483

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Published: April 16, 2020; 3:15:34 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

Published: February 20, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2014-9748

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Published: February 11, 2020; 12:15:11 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14010

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Published: April 26, 2018; 3:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5457

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.

Published: February 06, 2018; 4:29:00 PM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Published: June 22, 2017; 10:29:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2017-8487

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

Published: June 15, 2017; 4:29:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter.

Published: March 11, 2017; 1:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-1305

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Published: February 06, 2015; 10:59:12 AM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-7286

Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

Published: December 22, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

Published: November 27, 2013; 7:55:04 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3181

usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

Published: August 14, 2013; 7:10:36 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-3175

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."

Published: August 14, 2013; 7:10:36 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-3956

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

Published: July 31, 2013; 9:20:28 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

Published: July 31, 2013; 9:20:28 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

Published: May 24, 2013; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM