U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_vista:-:-:*:*:home_basic_n:*:x64:*
  • CPE Name Search: true
There are 457 matching records.
Displaying matches 441 through 457.
Vuln ID Summary CVSS Severity
CVE-2007-0946

Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0947

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."

Published: May 08, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1209

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

Published: April 10, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1763

The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.

Published: March 29, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-1527

The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1528

The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1529

The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1530

The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1531

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1532

The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-1533

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1534

DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1535

Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1499

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Published: March 17, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-7030

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7031

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM