Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-0010 |
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." Published: February 14, 2012; 5:55:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-4562 |
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. Published: February 02, 2012; 12:55:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-5046 |
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability." Published: December 30, 2011; 2:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3404 |
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3397 |
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-2018 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-1992 |
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." Published: December 13, 2011; 7:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-3402 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." Published: November 04, 2011; 5:55:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3251 |
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. Published: October 27, 2011; 10:49:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3250 |
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. Published: October 27, 2011; 10:49:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3249 |
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. Published: October 27, 2011; 10:49:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3248 |
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. Published: October 27, 2011; 10:49:52 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3247 |
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. Published: October 27, 2011; 10:49:52 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3252 |
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. Published: October 12, 2011; 2:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-3219 |
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Published: October 12, 2011; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-2339 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. Published: October 12, 2011; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2011-2338 |
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. Published: October 12, 2011; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2011-0259 |
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Published: October 12, 2011; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2011-2005 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2011-2001 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." Published: October 11, 2011; 10:52:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |